The Target Data Hack Cost Banks More Than $200 Million

New estimates pin the cost of last year’s robbery higher than previously thought.

National Journal
Add to Briefcase
Dustin Volz
Feb. 18, 2014, 6:38 a.m.

The gar­gan­tu­an theft of data from cred­it and deb­it cards used at Tar­get stores dur­ing last year’s hol­i­day shop­ping sea­son is now be­lieved to have cost fin­an­cial in­sti­tu­tions more than $200 mil­lion, ac­cord­ing to self-re­por­ted es­tim­ates re­leased Tues­day.

The new num­bers are an up­tick from earli­er cal­cu­la­tions. The Con­sumer Bankers As­so­ci­ation re­vised its es­tim­ate of the cost of card re­place­ments for its mem­bers, rais­ing it from $153 mil­lion to $172 mil­lion. The Cred­it Uni­on Na­tion­al As­so­ci­ation has up­dated its cal­cu­la­tions of dam­ages in­curred by cred­it uni­ons to $30.6 mil­lion, up from $25 mil­lion.

Taken to­geth­er, the costs now sur­pass $200 mil­lion, al­though that tally does not re­flect the costs to fin­an­cial in­sti­tu­tions that are not cred­it uni­ons or op­er­ate out­side the Con­sumer Bankers As­so­ci­ation.

The na­tion­wide heist of fin­an­cial data from Tar­get stores took place from Nov. 27 to Dec. 15 and is be­lieved to have af­fected 110 mil­lion cus­tom­ers. The rob­bery, which now ap­pears to have been made pos­sible due to an email phish­ing scheme de­ployed on a heat­ing and air-con­di­tion­ing con­tract­or, in­cluded names, mail­ing ad­dresses, en­cryp­ted per­son­al iden­ti­fic­a­tion num­bers, and phone num­bers.

Con­gress is eye­ing new ap­proaches to data se­cur­ity in the wake of the breaches at Tar­get and oth­er na­tion­al re­tail chains. Banks have been push­ing re­tail­ers to im­ple­ment bet­ter con­sumer-data pro­tec­tions at their stores.